rbr email address scraping...
Sorry to bring this up, but I've just received an email that proves this newsgroup has had all the
email addresses embedded in current messages 'scraped' by a spammer and is being used to propagate
the w32.swen.a@mm worm.
My machines at home are being hit with two messages every three minutes from recognizable addresses
from this newsgroup. There are two message formats - one looks like a letter from Microsoft with
information about a security patch and the other is a bogus "unable to deliver" message. Both have
an executable file attached containing the worm. At two every three minutes, it only takes about 2.5
hours to overflow my ISP's email space allotment.
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html
Do us all a favor and update your virus software definitions, and maybe follow this personal
recommendation - munge your email address in messages to the newsgroup just enough to prevent easy
use by these jackasses.
Mike G. -
----------------------------------------------------------------
Mike Gladu - Cycling Photojournalist & webmaster of "the 'drome" Email: mikeatvelodromedotcom
Online: http://www.velodrome.com/
================================================================
m_remove_gladu@mindspring.com (Mike Gladu) writes:
> Sorry to bring this up, but I've just received an email that proves this newsgroup has had all the
> email addresses embedded in current messages 'scraped' by a spammer and is being used to propagate
> the w32.swen.a@mm worm.
>
Hi there Mike Gladu
The phenomenon you are experiencing is not limited exclusively to this ng, or even to ng's
in general.
Countless Thousands of people are experiencing the same problem many (most perhaps) of whom do not
subscribe to the usenet.
There are some defensive tactics possible though.
The simplest is to NEVER read any mail sent to the address you use to post to ng's. And forget the
method you are currently using to attempt to limit the harvesting of your address. It's a waste of
bandwidth as any harvester worth his salt has his address grabber programme set to extract such lame
attempts at camouflage.
Get a hotmail (or similar) address and set the spam filter to <exclusive> and the _Safe_list_ to
only your own address and use it to post publicly.
Spoof the <From:> on your outbound messages to the HotMail (or similar) address you set up.
Get a Fastmail, FreeShell or CyberSpace address to use as your main inbound mail path.
IE: Cut out Mindspring/Earthlink/Itchy/Scratchy (I believe you are subscribed to one of that family
as an ISP) EXCEPT as an outbound path and expose your _Trusted_ Fastmail, FreeShell or
CyberSpace address only where you are sure it will not result in UCE or other Malicious stunts.
You won't be bothered again with the sort of things you are currently experiencing from ng related
sources. You will still get unwanted e-mail but it will be minimal and if you use FastMail (they
have around 100 domains you can choose from too) your mail will be pre-scanned with Sieve for your
further protection.
If you (or anybody for that matter) needs a little help on protecting a system, just ask in here and
give me an address where I can definitely reach you by e-mail.
What you have to do is tighten up your inbound path and, short of PBH'ing and whitelisting, since
those methods lead to throwing the baby out with the bathwater occasionally, make sure that you are
troubled as little as possible by unwanted e-mails.
--
le vent a Dos
Davey Crockett
Or you could just use a Mac..................like I do...
On 9/20/03 2:47 AM, in article m_remove_gladu-2009030447230001@10.0.1.4, "Mike Gladu"
<m_remove_gladu@mindspring.com> wrote:
> Sorry to bring this up, but I've just received an email that proves this newsgroup has had all the
> email addresses embedded in current messages 'scraped' by a spammer and is being used to propagate
> the w32.swen.a@mm worm.
>
> My machines at home are being hit with two messages every three minutes from recognizable
> addresses from this newsgroup. There are two message formats - one looks like a letter from
> Microsoft with information about a security patch and the other is a bogus "unable to deliver"
> message. Both have an executable file attached containing the worm. At two every three minutes, it
> only takes about 2.5 hours to overflow my ISP's email space allotment.
>
> http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html
>
> Do us all a favor and update your virus software definitions, and maybe follow this personal
> recommendation - munge your email address in messages to the newsgroup just enough to prevent easy
> use by these jackasses.
>
> Mike G. -
>
> ----------------------------------------------------------------
> Mike Gladu - Cycling Photojournalist & webmaster of "the 'drome" Email: mikeatvelodromedotcom
> Online: http://www.velodrome.com/
> ================================================================
In article <BB921C79.60ECB%steve@REMOVEprintemp.net>, Steve <steve@REMOVEprintemp.net> wrote:
> Or you could just use a Mac..................like I do...
>
>
>
Yup, no worries about worms and such with OSX here. Still it is a pain to delete the tons of emails
generated from infected systems.
On 09/20/2003 04:02 PM, in article BB921C79.60ECB%steve@REMOVEprintemp.net, "Steve"
<steve@REMOVEprintemp.net> wrote:
> Or you could just use a Mac..................like I do...
Using a Mac, like I do as well, may protect you from getting infected by the virus, but it's not
going to stop your mailbox from getting slammed with messages infected with the virus.
I opened up this morning to 200 e-mail messages, 150+ of which contained the virus Mike G. is
talking about ...
--
Steven L. Sheffield stevens at veloworks dot com veloworks at worldnet dot ay tea tee dot net bellum
pax est libertas servitus est ignoratio vis est ess ay ell tea ell ay kay ee sea aye tee why you ti
ay aitch aitch tee tea pea colon [for word] slash [four ward] slash double-you double-yew double-ewe
dot veloworks dot com [four word] slash
"Steven L. Sheffield" <stevens@veloworks.com> writes:
> On 09/20/2003 04:02 PM, in article BB921C79.60ECB%steve@REMOVEprintemp.net, "Steve"
> <steve@REMOVEprintemp.net> wrote:
>
>> Or you could just use a Mac..................like I do...
>
> Using a Mac, like I do as well, may protect you from getting infected by the virus, but it's not
> going to stop your mailbox from getting slammed with messages infected with the virus.
>
> I opened up this morning to 200 e-mail messages, 150+ of which contained the virus Mike G. is
> talking about ...
You hit the nail squarely on the head there Steven.
The infestation is only one side of the coin.
A Mac will protect you from this I believe, and so will Linux which I personally use.
But the receipt of the junk in the first place remains a problem.
I did post earlier on the subject, but briefly, a _Throw Away_ address for posting into Newsgroups
(Usenet) is still a pretty good defence, as is a double subscription to mailing lists, again using
the _Throw Away_ address for posting and the non disclosed second address for reading.
Expose your _good_ address as little as possible to forums where it is likely to be harvested and
just put up with what ever else percolates through.
I personally use Linux/Emacs/Gnus for mail/news reading and Gnus has several features which will
help cut down on UCE/fork floods/ etc attacks.
I split off my mail into separate boxes when it can be identified and anything else ends up in the
_Potential Trouble_ mailbox.
My final line of defence though still remains a fast scan of that mailbox before finally
deleting it.
If your IP resolves to your machine as mine does, you may also need to pay some attention to your
firewall settings.
All in all, having regard to the volume of email/newsgroup postings I make in a day, I am still
reasonably free of unwanted junk.
Regards,
--
le vent a Dos
Davey Crockett
In article <878yojm3hx.fsf@cpe0050da66e294-cm0f2069983361.cpe.net.cable.rogers.com>, Davey Crockett
<DC@hotmail.com> wrote:
> "Steven L. Sheffield" <stevens@veloworks.com> writes:
>
> > On 09/20/2003 04:02 PM, in article BB921C79.60ECB%steve@REMOVEprintemp.net, "Steve"
> > <steve@REMOVEprintemp.net> wrote:
> >
> >> Or you could just use a Mac..................like I do...
> >
> > Using a Mac, like I do as well, may protect you from getting infected by the virus, but it's not
> > going to stop your mailbox from getting slammed with messages infected with the virus.
> >
> > I opened up this morning to 200 e-mail messages, 150+ of which contained the virus Mike G. is
> > talking about ...
>
> You hit the nail squarely on the head there Steven.
>
> The infestation is only one side of the coin.
>
> A Mac will protect you from this I believe, and so will Linux which I personally use.
>
> But the receipt of the junk in the first place remains a problem.
My ISP has a pretty good filtering system so the vast majority of the spam I get goes into a
spamfolder on the ISP's server. It is pretty easy to mass delete the spam while doing a quick check
to make sure no real mail has been caught in the spam filter.
I have never tried to hide my email address but I get a fairly small amount of spam. I guess since I
only visit a small number of web sites or newsgroups my address isn't out there very much. Or maybe
it is the fact I don't have many friends so my email isn't in very many people
No ****, Sherlock ...
But I'd rather not have to go through the process of actually downloading
22.5 MB of viruses and deleting them ... (150 messages at 150K each)
You really are a dumbass, aren't you?
On 09/20/2003 06:50 PM, "Steve" <steve@REMOVEprintemp.net> wrote:
> On 9/20/03 4:08 PM, in article BB923A1E.E61F%stevens@veloworks.com, "Steven
> L. Sheffield" <stevens@veloworks.com> wrote:
>
>> On 09/20/2003 04:02 PM, in article BB921C79.60ECB%steve@REMOVEprintemp.net, "Steve"
>> <steve@REMOVEprintemp.net> wrote:
>>
>>> Or you could just use a Mac..................like I do...
>>
>>
>> Using a Mac, like I do as well, may protect you from getting infected by the virus, but it's not
>> going to stop your mailbox from getting slammed with messages infected with the virus.
>>
>> I opened up this morning to 200 e-mail messages, 150+ of which contained the virus Mike G. is
>> talking about ...
>
>
> Deleting is one of the easiest things to teach someone on the computer................
>
--
Steven L. Sheffield stevens at veloworks dot com veloworks at worldnet dot ay tea tee dot net bellum
pax est libertas servitus est ignoratio vis est ess ay ell tea ell ay kay ee sea aye tee why you ti
ay aitch aitch tee tea pea colon [for word] slash [four ward] slash double-you double-yew double-ewe
dot veloworks dot com [four word] slash
You are using your own domain asswipe...........
Don't download it.........deleting from your mailbox online
On 9/20/03 6:54 PM, in article BB9260EB.E646%stevens@veloworks.com, "Steven
L. Sheffield" <stevens@veloworks.com> wrote:
>
>
>
> No ****, Sherlock ...
>
> But I'd rather not have to go through the process of actually downloading
> 22.5 MB of viruses and deleting them ... (150 messages at 150K each)
>
> You really are a dumbass, aren't you?
>
>
>
> On 09/20/2003 06:50 PM, "Steve" <steve@REMOVEprintemp.net> wrote:
>
>> On 9/20/03 4:08 PM, in article BB923A1E.E61F%stevens@veloworks.com, "Steven
>> L. Sheffield" <stevens@veloworks.com> wrote:
>>
>>> On 09/20/2003 04:02 PM, in article BB921C79.60ECB%steve@REMOVEprintemp.net, "Steve"
>>> <steve@REMOVEprintemp.net> wrote:
>>>
>>>> Or you could just use a Mac..................like I do...
>>>
>>>
>>> Using a Mac, like I do as well, may protect you from getting infected by the virus, but it's not
>>> going to stop your mailbox from getting slammed with messages infected with the virus.
>>>
>>> I opened up this morning to 200 e-mail messages, 150+ of which contained the virus Mike G. is
>>> talking about ...
>>
>>
>> Deleting is one of the easiest things to teach someone on the computer................
I've been bombarded too.
Tom
In article <BB921C79.60ECB%steve@REMOVEprintemp.net>, Steve <steve@REMOVEprintemp.net> wrote:
> Or you could just use a Mac..................like I do...
As do I...
...but it does nothing to stop email from coming in.
"Davey"s solutions pique my interest for the future, but don't address stopping the current flood.
Earthlink's spam filtering doesn't address this particular worm's ability to hide where it comes from -
blocking known spammer domains and individual addresses is of little value.
A simple filter capable of stopping messages with executables attached would suffice, but is not
available in their limited arsenal.
I'd be happy to hear blocking ideas for Mac users (Eudora specifically).
Mike G. -
----------------------------------------------------------------
Mike Gladu - Cycling Photojournalist & webmaster of "the 'drome" Email: mikeatvelodromedotcom
Online: http://www.velodrome.com/
================================================================
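A filter of the kind asked for above, as an added example (not part of the thread, and not a feature of Earthlink or Eudora): it walks a message's MIME parts and flags attachments that look like Windows executables by file extension, by declared content type, or by the "MZ" header of a renamed file. The extension and type lists, the function names and the sample messages are assumptions constructed for the illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists for illustration; extend them to match local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".lnk"}
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-msdos-program"}

def executable_parts(raw):
    """Return the names of MIME parts that look like Windows executables."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        # Trailing dots and spaces are dropped so "patch.exe." still matches.
        name = (part.get_filename() or "").rstrip(". ").lower()
        ext = os.path.splitext(name)[1]
        label = name or part.get_content_type()
        if ext in EXECUTABLE_EXTS or part.get_content_type() in EXECUTABLE_TYPES:
            hits.append(label)
        elif part.get_content_maintype() != "text":
            # Renamed attachment: DOS/PE executables start with the bytes "MZ".
            body = part.get_payload(decode=True) or b""
            if body.startswith(b"MZ"):
                hits.append(label)
    return hits

def verdict(raw):
    """'reject' if any part looks executable, otherwise 'deliver'."""
    return "reject" if executable_parts(raw) else "deliver"

def _sample(filename=None, payload=b"", maintype="application", subtype="octet-stream"):
    """Build a constructed test message; none of this is captured traffic."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "reader@example.invalid"
    m["Subject"] = "constructed sample"
    m.set_content("See attachment.")
    if filename:
        m.add_attachment(payload, maintype=maintype, subtype=subtype, filename=filename)
    return m.as_bytes()

# Constructed samples: an .exe attachment, an executable renamed to .txt,
# a harmless image, and a message with no attachment at all.
WORM_LIKE = _sample("patch.exe", b"MZ" + b"\x00" * 64)
RENAMED = _sample("notes.txt", b"MZ" + b"\x00" * 64)
BENIGN = _sample("ride.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 64, "image", "jpeg")
PLAIN = _sample()

if __name__ == "__main__":
    for label, raw in [("worm-like", WORM_LIKE), ("renamed", RENAMED),
                       ("benign", BENIGN), ("plain", PLAIN)]:
        print(label, verdict(raw), executable_parts(raw))
```

A check like this has to run where the mail is stored (for instance from a server-side delivery filter) to relieve the mailbox quota; run on the home machine it only sorts mail that has already been downloaded.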
Just found and used a great little programme called ultrafunk popcorn which deletes unwanted junk
from server. Freeware at www.ultrafunk.com All the best Dan Gregory
Dan Gregory wrote:
> Just found and used a great little programme called ultrafunk popcorn which deletes unwanted junk
> from server. Freeware at www.ultrafunk.com All the best Dan Gregory
What a coincidence. I just found and used a great little program called
W32/Swen@MM which purports to do the same thing.
"Robert Chung" <invalid@nospam.com> wrote in message news:3f6d7031$0$20625$626a54ce@news.free.fr...
> Dan Gregory wrote:
> > Just found and used a great little programme called ultrafunk popcorn which deletes unwanted
> > junk from server. Freeware at www.ultrafunk.com All the best Dan Gregory
>
> What a coincidence. I just found and used a great little program called
> W32/Swen@MM which purports to do the same thing.
This just downloads headers and you can delete them from your ISP mailbox so that all the files over
140kb that I have blocked with Outlook can be got rid of. It isn't another virus/spam spreader.. All
the best Dan Gregory
Dan Gregory wrote:
> This just downloads headers and you can delete them It isn't another virus/spam spreader..
Hmmm. Isn't this the kind of claim a *really* clever virus/spam spreader would make?
Mike Gladu wrote:
>
> In article <BB921C79.60ECB%steve@REMOVEprintemp.net>, Steve <steve@REMOVEprintemp.net> wrote:
>
> > Or you could just use a Mac..................like I do...
>
> As do I...
>
> ...but it does nothing to stop email from coming in.
>
> "Davey"s solutions pique my interest for the future, but don't address stopping the current flood.
>
> Earthlink's spam filtering doesn't address this particular worm's ability to hide where it comes from
> - blocking known spammer domains and individual addresses is of little value.
>
> A simple filter capable of stopping messages with executables attached would suffice, but is not
> available in their limited arsenal.
>
> I'd be happy to hear blocking ideas for Mac users (Eudora specifically).
>
this won't help a lot, but right now i would stop using a mail program to download mail onto your
machine, and instead would go to earthlink's home page and sign in there to view your mail. then you
can delete everything you want quite easily (assuming earthlink provides this feature. would be
strange if they didn't).
heather
In article <3F6DAACA.991C510D@hotmail.com>, h squared <peckledoggyremovetoreply@hotmail.com> wrote:
> this won't help a lot, but right now i would stop using a mail program to download mail onto your
> machine, and instead would go to earthlink's home page and sign in there to view your mail. then
> you can delete everything you want quite easily (assuming earthlink provides this feature. would
> be strange if they didn't).
>
> heather
It's a nice suggestion, but downloading the messages and damage to my machine aren't my main
problems - it's my space allotment for mail on Mindspring servers. It fills up to overflowing in
about 2.5 hours.
If it would do any good, I would let the space fill up and bounce messages back to the sender, but
the worm spoofs the sender's address so effectively that it only hurts me to let it fill.
I could go to their webmail page first to sort the good mail from the bad, but it takes forever.
Even with a broadband connection the speed of the web interface only reaches dialup-like speeds. On
top of that, the filters I've created for mail sorting are in Eudora, only on my home machine.
Thanks for the suggestion, but until someone comes up with a cure for the deluge, getting pi**ed
on during the filtering process is a small price to pay for collecting the personal mail that does
get through.
Mike G. -
----------------------------------------------------------------
Mike Gladu - Cycling Photojournalist & webmaster of "the 'drome" Email: mikeatvelodromedotcom
Online: http://www.velodrome.com/
================================================================
On Sun, 21 Sep 2003 16:19:42 GMT, Mike Gladu wrote:
> h squared wrote:
>> go to earthlink's home page and sign in there to view your mail.
>
> Thanks for the suggestion, but until someone comes up with a cure
If you have a shell account with your ISP, try procmail (see google). It might take some time
reading into, however. Other than that, your ISP can probably provide you with a (commercial) spam-
and virusfilter service.
"Robert Chung" <invalid@nospam.com> wrote in message news:3f6d8f78$0$20152
> Hmmm. Isn't this the kind of claim a *really* clever virus/spam spreader would make?
Yes and the name of the programme probably doesn't inspire confidence in a wary reader. However I
found it on http://www.webattack.com/freeware/freeware.html because having had my virus scan block
the virus but not the messages (289 of them on Friday) I needed to find a way to clear my mailbox
having chosen to block messages over 140kb.... So now I run Outlook with Antispam, Antivirus etc
then delete the undownloaded files left in the mailbox with Popcorn.. Of course if I say "trust me"
or "read my lips" you will probably be even more wary.. All the best Bonne route Dan Gregory
m_remove_gladu@mindspring.com (Mike Gladu) wrote in news:m_remove_gladu-2109031119420001@10.0.1.4:
> In article <3F6DAACA.991C510D@hotmail.com>, h squared
> <peckledoggyremovetoreply@hotmail.com> wrote:
>
>> this won't help a lot, but right now i would stop using a mail program to download mail onto your
>> machine, and instead would go to earthlink's home page and sign in there to view your mail. then
>> you can delete everything you want quite easily (assuming earthlink provides this feature. would
>> be strange if they didn't).
>>
>> heather
>
> It's a nice suggestion, but downloading the messages and damage to my machine aren't my main
> problems - it's my space allotment for mail on Mindspring servers. It fills up to overflowing in
> about 2.5 hours.
>
> If it would do any good, I would let the space fill up and bounce messages back to the sender, but
> the worm spoofs the sender's address so effectively that it only hurts me to let it fill.
>
> I could go to their webmail page first to sort the good mail from the bad, but it takes forever.
> Even with a broadband connection the speed of the web interface only reaches dialup-like speeds.
> On top of that, the filters I've created for mail sorting are in Eudora, only on my home machine.
I think Earthlink's "Spamblocker" should take care of this; I get the impression that it works if
you are using their web access to e-mail. So if spam is overflowing your account, you should call
their customer service and complain to them that the Spamblocker isn't working.
Now, I dunno if Spamblocker dumps spam into a Trash folder which could also fill to overflow; if
so, ***** to them about that too. But call them -- their ads tout their great service, so put it
to the test.
NS